From e55744bb195f0d665332ceb48acb57b4a4e186b5 Mon Sep 17 00:00:00 2001 
From: ficus Date: Tue, 11 Sep 2012 01:16:38 +0200 Subject: update to FBx public-0.1 freedom-maker Snapshot commit with no torouter-specific changes re-applied. Updated freedom-maker image to a significantly more recent version, used by the FreedomBox project. This includes a shift from debian "stable" to "testing" (wheezy), which has a Linux 3.2 kernel. date Fri, 24 Aug 2012 03:50:41 +0000 repo git://anonscm.debian.org/freedombox/freedom-maker.git commit de1f66f0651a3a7c306331eeda1db93535b1470a (public-0.1) --- freedom-maker/source/etc/apt/sources.list | 2 + freedom-maker/source/etc/dhcp/dhcpd.conf | 32 +++++++++ freedom-maker/source/etc/dnsmasq.conf | 24 +++++++ freedom-maker/source/etc/fstab | 6 ++ freedom-maker/source/etc/hosts | 7 ++ freedom-maker/source/etc/init.d/first-run | 71 ++++++++++++++++++++ freedom-maker/source/etc/init.d/proxy | 61 +++++++++++++++++ freedom-maker/source/etc/mtab | 0 freedom-maker/source/etc/network/interfaces | 25 +++++++ freedom-maker/source/etc/openvpn/client.conf | 0 freedom-maker/source/etc/openvpn/static.key | 0 freedom-maker/source/etc/rc1.d/S01first-run | 1 + freedom-maker/source/etc/rc2.d/S01first-run | 1 + freedom-maker/source/etc/rc2.d/S50proxy | 1 + freedom-maker/source/etc/resolv.conf | 2 + freedom-maker/source/etc/sysctl.conf | 5 ++ .../udev/rules.d/75-persistent-net-generator.rules | 0 freedom-maker/source/install.sh | 76 ++++++++++++++++++++++ freedom-maker/source/sbin/copy2dream | 47 +++++++++++++ 19 files changed, 361 insertions(+) create mode 100644 freedom-maker/source/etc/apt/sources.list create mode 100644 freedom-maker/source/etc/dhcp/dhcpd.conf create mode 100644 freedom-maker/source/etc/dnsmasq.conf create mode 100644 freedom-maker/source/etc/fstab create mode 100644 freedom-maker/source/etc/hosts create mode 100755 freedom-maker/source/etc/init.d/first-run create mode 100755 freedom-maker/source/etc/init.d/proxy create mode 100644 freedom-maker/source/etc/mtab create mode 100644 
freedom-maker/source/etc/network/interfaces create mode 100644 freedom-maker/source/etc/openvpn/client.conf create mode 100644 freedom-maker/source/etc/openvpn/static.key create mode 120000 freedom-maker/source/etc/rc1.d/S01first-run create mode 120000 freedom-maker/source/etc/rc2.d/S01first-run create mode 120000 freedom-maker/source/etc/rc2.d/S50proxy create mode 100644 freedom-maker/source/etc/resolv.conf create mode 100644 freedom-maker/source/etc/sysctl.conf create mode 100644 freedom-maker/source/etc/udev/rules.d/75-persistent-net-generator.rules create mode 100644 freedom-maker/source/install.sh create mode 100644 freedom-maker/source/sbin/copy2dream (limited to 'freedom-maker/source')
diff --git a/freedom-maker/source/etc/apt/sources.list b/freedom-maker/source/etc/apt/sources.list
new file mode 100644
index 0000000..c06710c
--- /dev/null
+++ b/freedom-maker/source/etc/apt/sources.list
@@ -0,0 +1,2 @@
+deb http://http.debian.net/debian wheezy main
+deb-src http://http.debian.net/debian wheezy main
diff --git a/freedom-maker/source/etc/dhcp/dhcpd.conf b/freedom-maker/source/etc/dhcp/dhcpd.conf
new file mode 100644
index 0000000..ec502c6
--- /dev/null
+++ b/freedom-maker/source/etc/dhcp/dhcpd.conf
@@ -0,0 +1,32 @@
+#
+# FreedomBox ISC dhcpd configuration
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+option domain-name "free.dom";
+option domain-name-servers ns1.free.dom, ns2.free.dom;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# basic subnet configuration for the 'downstream' wired network
+
+subnet 192.168.1.0 netmask 255.255.255.0 {
+ range 192.168.1.10 192.168.1.100;
+ option routers 192.168.1.1;
+}
diff --git a/freedom-maker/source/etc/dnsmasq.conf b/freedom-maker/source/etc/dnsmasq.conf
new file mode 100644
index 0000000..71403d7
--- /dev/null
+++ b/freedom-maker/source/etc/dnsmasq.conf
@@ -0,0 +1,24 @@
+log-facility=DAEMON
+
+local=/fbx/
+local=/freedombox/
+
+# Upstream DNS server
+# FIXME this should be updated on boot.
+server=192.168.0.1@eth1
+
+# We will serve this DNS domain
+# (DHCP hosts will receive a .lan suffix in DNS)
+domain=lan
+
+# We're the authoritative dhcpd
+# Read the manpage for a good explanation of what this does
+dhcp-authoritative
+
+# We are going to serve hosts for:
+# - LAN (192.168.1.0/24) (Only static hosts)
+# - WLAN (192.168.2.0/24)
+# New clients will receive an IP from the WLAN range.
+
+dhcp-range=interface:eth0,set:lan,192.168.1.10,192.168.1.100,255.255.255.0,2h
+# dhcp-range=interface:uap0,set:lan,192.168.2.10,192.168.2.100,255.255.255.0,2h
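Review bot: In etc/dhcp/dhcpd.conf, `authoritative;` and the `range 192.168.1.10 192.168.1.100;` pool duplicate what etc/dnsmasq.conf in this same commit declares (`dhcp-authoritative` with `dhcp-range=interface:eth0,...,192.168.1.10,192.168.1.100,...`). If both daemons end up installed and started on the image, two authoritative servers answer on the wired LAN from the same pool without sharing lease state, so the same address can be offered to two clients. I would keep only one of the two configurations, or add a header comment such as `# NOTE: only used when isc-dhcp-server replaces dnsmasq; do not run both` so the intended owner of the pool is explicit. The `option domain-name-servers ns1.free.dom, ns2.free.dom;` line also names hosts that nothing visible in this commit defines; if dnsmasq on this box is meant to be the resolver, `option domain-name-servers 192.168.1.1;` would match the `option routers` line.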
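Review bot: Nothing in etc/dnsmasq.conf limits which interfaces dnsmasq answers DNS on; `dhcp-range=interface:eth0,...` scopes only the DHCP pool, so by default the resolver also listens on the upstream interface eth1. Because the proxy init script in this commit sets the INPUT policy to ACCEPT, that would leave the box answering DNS queries arriving from the upstream network. I would add `interface=eth0` (or `except-interface=eth1`) next to the `dhcp-range` line. If `server=192.168.0.1@eth1` is meant to be the only upstream, `no-resolv` is needed as well, since otherwise the nameservers in /etc/resolv.conf are used in addition.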
diff --git a/freedom-maker/source/etc/fstab b/freedom-maker/source/etc/fstab
new file mode 100644
index 0000000..7c48827
--- /dev/null
+++ b/freedom-maker/source/etc/fstab
@@ -0,0 +1,6 @@
+/dev/sdc2 / auto relatime,rw 0 0
+proc /proc proc none 0 0
+sys /sys sysfs none 0 0
+none /dev/pts devpts defaults 0 0
+tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
+/dev/sdc1 /boot vfat defaults 0 0
diff --git a/freedom-maker/source/etc/hosts b/freedom-maker/source/etc/hosts
new file mode 100644
index 0000000..e252996
--- /dev/null
+++ b/freedom-maker/source/etc/hosts
@@ -0,0 +1,7 @@
+127.0.0.1 localhost freedombox fbx
+::1 localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/freedom-maker/source/etc/init.d/first-run b/freedom-maker/source/etc/init.d/first-run
new file mode 100755
index 0000000..8df2c2d
--- /dev/null
+++ b/freedom-maker/source/etc/init.d/first-run
@@ -0,0 +1,71 @@
+#!/bin/bash
+#
+# Script to complete the post-install process on first FBX boot.
+
+### BEGIN INIT INFO
+# Provides: first-run
+# Default-Start: 1 2
+# Required-Start: 2
+# Required-Stop:
+# Default-Stop:
+# Short-Description: Finish FBX install on DreamPlug
+### END INIT INFO
+
+function tweak-kernel {
+ # Update the kernel unless requested otherwise.
+
+ if [ -e /var/freedombox/dont-tweak-kernel ]
+ then
+ rm /var/freedombox/dont-tweak-kernel
+ else
+ kernel_version="$(/bin/ls $mountpoint/boot/vmlinuz-*-kirkwood | sort -rn | head -n1 | sed s#$mountpoint/boot/vmlinuz-##)"
+
+ mount -t proc proc /proc
+ flash-kernel $kernel_version
+ umount /proc
+ fi
+}
+
+function wifi-ap-setup {
+ # configure wireless access point with spinifex's prebuilt firmware
+
+ echo "Sleeping 30s for DHCP"
+ sleep 30 # wait for dhcp
+
+ echo "Installing UAP Firmware."
+ wget -O /tmp/marvell_wifi_firmware.tar.gz http://www.spinifex.com.au/plugs/downloads/dreamplug/marvell_wifi_firmware.tar.gz
+ tar -C /tmp -zxf /tmp/marvell_wifi_firmware.tar.gz
+ mkdir -p /lib/firmware/mrvl
+ cp /tmp/lib/firmware/mrvl/* /lib/firmware/mrvl
+}
+
+function create-keys {
+ echo "Creating Keys."
+
+ echo "Creating SSH keys."
+ rm /etc/ssh/ssh_host_*
+ dpkg-reconfigure openssh-server
+
+ echo "Need to create other keys."
+ # gpg --batch --gen-key
+ # see http://lists.gnupg.org/pipermail/gnupg-users/2003-March/017376.html
+}
+
+function remove-self {
+ rm -f /etc/init.d/first-run
+ rm -f /etc/rc1.d/S01first-run
+ rm -f /etc/rc2.d/S01first-run
+ rm /etc/init.d/first-run
+ rm /etc/rc1.d/S01first-run
+ rm /etc/rc2.d/S01first-run
+}
+
+create-keys
+# wifi-ap-setup
+
+# the last things we do before quitting.
+tweak-kernel
+remove-self
+
+echo "Kernel flashed. Rebooting."
+reboot
diff --git a/freedom-maker/source/etc/init.d/proxy b/freedom-maker/source/etc/init.d/proxy
new file mode 100755
index 0000000..901507b
--- /dev/null
+++ b/freedom-maker/source/etc/init.d/proxy
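Review bot: In etc/init.d/first-run, `wifi-ap-setup` fetches the firmware tarball over plain HTTP and copies its contents into /lib/firmware/mrvl as root with no integrity check, so whatever the network path or the hosting site returns at first boot is what the device loads. The call is commented out at the bottom of the script today, but the function should not be enabled in this form: either ship the firmware inside the image, or verify a pinned digest before unpacking and work in a `mktemp -d` directory instead of fixed names under /tmp, as sketched below (the digest is a placeholder to be filled in from a reviewed copy). Separately, `tweak-kernel` reads `$mountpoint`, which this script never sets, and `create-keys` deletes the SSH host keys without checking that `dpkg-reconfigure openssh-server` actually recreated them.

```bash
function wifi-ap-setup {
    # … unchanged: 30s sleep for DHCP …

    echo "Installing UAP Firmware."
    fw_dir="$(mktemp -d)" || return 1
    fw_tar="$fw_dir/marvell_wifi_firmware.tar.gz"
    wget -O "$fw_tar" http://www.spinifex.com.au/plugs/downloads/dreamplug/marvell_wifi_firmware.tar.gz || return 1
    # Pinned digest of the reviewed tarball (placeholder value).
    echo "<EXPECTED_SHA256_PLACEHOLDER>  $fw_tar" | sha256sum -c - || return 1
    tar -C "$fw_dir" -zxf "$fw_tar" || return 1
    mkdir -p /lib/firmware/mrvl
    cp "$fw_dir"/lib/firmware/mrvl/* /lib/firmware/mrvl
    rm -rf -- "$fw_dir"
}
```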
@@ -0,0 +1,61 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: proxy
+# Required-Start: $network $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Proxy for clients.
+### END INIT INFO
+
+set -e
+
+INTIF1="eth0"
+INTIF2="uap0"
+EXTIF="eth1"
+EXTIP="`/sbin/ifconfig $EXTIF | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
+
+loadModules() {
+ depmod -a
+ modprobe ip_tables
+ modprobe ip_conntrack
+ modprobe ip_conntrack_ftp
+ modprobe ip_conntrack_irc
+ modprobe iptable_nat
+ modprobe ip_nat_ftp
+}
+
+setProc() {
+ echo "1" > /proc/sys/net/ipv4/ip_forward
+ echo "1" > /proc/sys/net/ipv4/ip_dynaddr
+}
+
+configIpTables() {
+ iptables -P INPUT ACCEPT
+ iptables -F INPUT
+ iptables -P OUTPUT ACCEPT
+ iptables -F OUTPUT
+ iptables -P FORWARD DROP
+ iptables -F FORWARD
+ iptables -t nat -F
+
+ iptables -A FORWARD -i $EXTIF -o $INTIF1 -m state --state ESTABLISHED,RELATED -j ACCEPT
+ iptables -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED -j ACCEPT
+ iptables -A FORWARD -i $INTIF1 -o $EXTIF -j ACCEPT
+ iptables -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT
+
+ iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
+}
+
+case "$1" in
+ start)
+ loadModules
+ setProc
+ configIpTables
+ ;;
+ *)
+ log_success_msg "Usage: /etc/init.d/proxy {start}"
+ exit 1
+ ;;
+esac
diff --git a/freedom-maker/source/etc/mtab b/freedom-maker/source/etc/mtab
new file mode 100644
index 0000000..e69de29
diff --git a/freedom-maker/source/etc/network/interfaces b/freedom-maker/source/etc/network/interfaces
new file mode 100644
index 0000000..9680bed
--- /dev/null
+++ b/freedom-maker/source/etc/network/interfaces
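Review bot: In etc/init.d/proxy, `configIpTables` sets `iptables -P INPUT ACCEPT` and flushes the chain, so only forwarded traffic is filtered and every service on the box itself (sshd, dnsmasq) is reachable from the upstream interface `$EXTIF`. For a NAT gateway I would default-drop INPUT and admit loopback, established flows and the two internal interfaces, as below; add explicit rules for anything that really must be reachable from upstream. These rules cover IPv4 only, and nothing in the script touches ip6tables. The usage branch also calls `log_success_msg` although /lib/lsb/init-functions is never sourced, so it would fail with "command not found"; `. /lib/lsb/init-functions` after `set -e`, or a plain `echo ... >&2`, fixes that.

```sh
configIpTables() {
    iptables -P INPUT DROP
    iptables -F INPUT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i "$INTIF1" -j ACCEPT
    iptables -A INPUT -i "$INTIF2" -j ACCEPT
    # … unchanged: OUTPUT/FORWARD policies and flushes, FORWARD rules, MASQUERADE …
}
```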
@@ -0,0 +1,25 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto eth0
+iface eth0 inet static
+ address 192.168.1.1
+ netmask 255.255.255.0
+
+allow-hotplug eth1
+iface eth1 inet dhcp
+
+# auto uap0
+# iface uap0 inet static
+# address 192.168.2.1
+# netmask 255.255.255.0
+# post-up uaputl sys_cfg_ssid "freedombox"
+# post-up uaputl sys_cfg_protocol 32 # WPA2
+# post-up uaputl sys_cfg_wpa_passphrase "freedombox123"
+# post-up uaputl sys_cfg_cipher 8 8 # AES CCMP
+# post-up uaputl bss_start
diff --git a/freedom-maker/source/etc/openvpn/client.conf b/freedom-maker/source/etc/openvpn/client.conf
new file mode 100644
index 0000000..e69de29
diff --git a/freedom-maker/source/etc/openvpn/static.key b/freedom-maker/source/etc/openvpn/static.key
new file mode 100644
index 0000000..e69de29
diff --git a/freedom-maker/source/etc/rc1.d/S01first-run b/freedom-maker/source/etc/rc1.d/S01first-run
new file mode 120000
index 0000000..e24a808
--- /dev/null
+++ b/freedom-maker/source/etc/rc1.d/S01first-run
@@ -0,0 +1 @@
+../init.d/first-run
\ No newline at end of file
diff --git a/freedom-maker/source/etc/rc2.d/S01first-run b/freedom-maker/source/etc/rc2.d/S01first-run
new file mode 120000
index 0000000..e24a808
--- /dev/null
+++ b/freedom-maker/source/etc/rc2.d/S01first-run
@@ -0,0 +1 @@
+../init.d/first-run
\ No newline at end of file
diff --git a/freedom-maker/source/etc/rc2.d/S50proxy b/freedom-maker/source/etc/rc2.d/S50proxy
new file mode 120000
index 0000000..9855df4
--- /dev/null
+++ b/freedom-maker/source/etc/rc2.d/S50proxy
@@ -0,0 +1 @@
+../init.d/proxy
\ No newline at end of file
diff --git a/freedom-maker/source/etc/resolv.conf b/freedom-maker/source/etc/resolv.conf
new file mode 100644
index 0000000..af9304d
--- /dev/null
+++ b/freedom-maker/source/etc/resolv.conf
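Review bot: In etc/network/interfaces, the commented-out uap0 stanza carries a fixed SSID and WPA2 passphrase (`sys_cfg_wpa_passphrase "freedombox123"`), so anyone who simply uncomments it gets the same published passphrase on every device built from this image. I would replace the value with an obvious placeholder and say so in the line, e.g. `# post-up uaputl sys_cfg_wpa_passphrase "CHANGE-ME"  # set a per-device passphrase before enabling uap0`. If the access point is ever enabled by default, the passphrase should be generated per device at first boot rather than shipped in the image.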
@@ -0,0 +1,2 @@
+nameserver 208.67.222.222
+nameserver 208.67.220.220
diff --git a/freedom-maker/source/etc/sysctl.conf b/freedom-maker/source/etc/sysctl.conf
new file mode 100644
index 0000000..916e972
--- /dev/null
+++ b/freedom-maker/source/etc/sysctl.conf
@@ -0,0 +1,5 @@
+# Reduce writes to flash drives
+vm.laptop_mode=5
+vm.swappiness=0
+vm.dirty_writeback_centisecs=1500
+vm.dirty_expire_centisecs=1500
diff --git a/freedom-maker/source/etc/udev/rules.d/75-persistent-net-generator.rules b/freedom-maker/source/etc/udev/rules.d/75-persistent-net-generator.rules
new file mode 100644
index 0000000..e69de29
diff --git a/freedom-maker/source/install.sh b/freedom-maker/source/install.sh
new file mode 100644
index 0000000..76547ba
--- /dev/null
+++ b/freedom-maker/source/install.sh
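Review bot: The two hard-coded `nameserver` addresses in etc/resolv.conf send every lookup the box itself makes to a fixed third-party resolver in cleartext, which deserves an explicit decision on a FreedomBox/torouter image rather than an uncommented default. Since eth1 is configured as `inet dhcp` in etc/network/interfaces, the DHCP client will presumably rewrite this file on the first lease, so these entries mainly matter before that and, unless dnsmasq is given `no-resolv`, as extra upstreams for dnsmasq. I would add a comment line stating that, e.g. `# build-time default only; replaced by the DHCP client on eth1`, or drop the entries if a local resolver is intended.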
@@ -0,0 +1,76 @@
+echo "Preconfiguring dash - else dash and bash will be left in a broken state"
+/var/lib/dpkg/info/dash.preinst install
+
+# don't leave target image containing apt config of the build host
+echo "Configuring all packages"
+export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
+export LC_ALL=C LANGUAGE=C LANG=C
+
+# allow flash-kernel to work without valid /proc contents
+# ** this doesn't *really* work, since there are too many checks that fail
+# in an emulated environment! We'll have to do it by hand below anyway...
+export FK_MACHINE="Globalscale Technologies Dreamplug"
+
+# configure all packages unpacked earlier by multistrap
+dpkg --configure -a
+
+echo "Adding source packages to filesystem"
+dpkg --get-selections > /tmp/selections
+mkdir -p /sourcecode
+cd sourcecode
+cut -f 1 < /tmp/selections | cut -d ':' -f 1 > /tmp/packages
+apt-get source --download-only `cat /tmp/packages`
+
+# sshd may be left running by the postinst, clean that up
+/etc/init.d/ssh stop
+
+# process installed kernel to create uImage, uInitrd, dtb
+# using flash-kernel would be a good approach, except it fails in the cross
+# build environment due to too many environment checks...
+#FK_MACHINE="Globalscale Technologies Dreamplug" flash-kernel
+# so, let's do it manually...
+
+# flash-kernel's hook-functions provided to mkinitramfs have the unfortunate
+# side-effect of creating /conf/param.conf in the initrd when run from our
+# emulated chroot environment, which means our root= on the kernel command
+# line is completely ignored! repack the initrd to remove this evil...
+
+mkdir /tmp/initrd-repack
+(cd /tmp/initrd-repack ; \
+ zcat /boot/initrd.img-3.2.0-3-kirkwood | cpio -i ; \
+ rm -f conf/param.conf ; \
+ find .
| cpio --quiet -o -H newc | \
+ gzip -9 > /boot/initrd.img-3.2.0-3-kirkwood )
+rm -rf /tmp/initrd-repack
+
+(cd /boot ; \
+ cp /usr/lib/linux-image-3.2.0-3-kirkwood/kirkwood-dreamplug.dtb dtb ; \
+ cat vmlinuz-3.2.0-3-kirkwood dtb >> temp-kernel ; \
+ mkimage -A arm -O linux -T kernel -n 'Debian kernel 3.2.0-3-kirkwood' \
+ -C none -a 0x8000 -e 0x8000 -d temp-kernel uImage ; \
+ rm -f temp-kernel ; \
+ mkimage -A arm -O linux -T ramdisk -C gzip -a 0x0 -e 0x0 \
+ -n 'Debian ramdisk 3.2.0-3-kirkwood' \
+ -d initrd.img-3.2.0-3-kirkwood uInitrd )
+
+# Establish an initial root password
+echo "Set root password to "$rootpassword
+echo root:$rootpassword | /usr/sbin/chpasswd
+
+# Create a default user
+echo "Creating fbx user, password: $userpassword"
+useradd $user
+echo $user:$userpassword | /usr/sbin/chpasswd
+
+# By default, spawn a console on the serial port
+echo "Adding a getty on the serial port"
+echo "T0:12345:respawn:/sbin/getty -L ttyS0 115200 vt100" >> /etc/inittab
+
+echo "Deleting this very same script"
+rm -f /install.sh
+
+echo "Syncing filesystem just in case something didn't get written"
+sync
+
+echo "End configuration progress by exiting from the chroot"
+exit
diff --git a/freedom-maker/source/sbin/copy2dream b/freedom-maker/source/sbin/copy2dream
new file mode 100644
index 0000000..267c2b6
--- /dev/null
+++ b/freedom-maker/source/sbin/copy2dream
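Review bot: In install.sh, both password steps print the secret into the build output (`echo "Set root password to "$rootpassword` and `echo "Creating fbx user, password: $userpassword"`), so the root and user passwords end up in any captured build log or console scrollback. The expansions are also unquoted, and nothing checks that `$rootpassword`, `$user` and `$userpassword` are set before they are piped to chpasswd; they are defined outside this file, so their origin is not visible here. I would drop the values from the messages, quote the expansions and fail early on an empty variable, as below. If these are shared image defaults, expiring them so they must be changed at first login (`chage -d 0 root`) is worth considering.

```sh
# Establish an initial root password
: "${rootpassword:?rootpassword must be set}"
echo "Setting root password"
printf '%s:%s\n' root "$rootpassword" | /usr/sbin/chpasswd

# Create a default user
: "${user:?user must be set}" "${userpassword:?userpassword must be set}"
echo "Creating user $user"
useradd "$user"
printf '%s:%s\n' "$user" "$userpassword" | /usr/sbin/chpasswd
# … unchanged: serial getty, self-removal, sync, exit …
```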
@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# this script assumes the current root filesystem is the source, and the
+# internal microSD on a DreamPlug is the target .. all existing content on
+# the microSD card will be lost.
+#
+
+# partition microSD card inside DreamPlug
+echo "=> partition internal microSD card"
+parted -s /dev/sda mklabel msdos
+parted -s /dev/sda mkpart primary fat16 0 128
+parted -s /dev/sda mkpart primary ext2 128 100%
+
+# create filesystems on new partitions
+echo "=> create filesystems on internal microSD card"
+mkdosfs /dev/sda1
+mke2fs -j /dev/sda2
+
+echo "=> mount target partitions"
+mount /dev/sda2 /media
+mkdir -p /media/boot
+mount /dev/sda1 /media/boot
+
+echo "=> copy filesystem content from USB stick to target partitions"
+(cd / ; tar cpSf - `/bin/ls | grep -v boot | grep -v proc | grep -v sys | grep -v media | grep -v dev`) | (cd /media ; tar xpf -)
+# the following intentionally ignores subdirectories
+cp /boot/* /media/boot/
+
+echo "=> touch up target root partition"
+mkdir /media/proc /media/sys /media/media /media/dev
+mknod /media/dev/console c 5 1
+mknod /media/dev/random c 1 8
+mknod /media/dev/urandom c 1 9
+mknod /media/dev/null c 1 3
+mknod /media/dev/ptmx c 5 2
+
+# patch up /etc/fstab entry for /boot
+sed -e 's/sdc/sda/g' < /etc/fstab > /media/etc/fstab
+
+# flash the kernel and create the device's keys
+chroot /media /etc/init.d/first-run
+
+echo "unmount target partitions"
+umount /dev/sda1
+umount /dev/sda2
+
+echo "=> installation complete, see docs to boot from internal microSD"
-- cgit v1.2.3
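Review bot: In sbin/copy2dream, every destructive step targets a hard-coded `/dev/sda` and no command's exit status is checked, so a failed `parted` or `mount /dev/sda2 /media` is followed by the tar copy, `mknod` and `chroot` running against whatever is at /media on the source system. I would add `set -e` after the header comment and a guard such as `[ -b /dev/sda ] || { echo "copy2dream: /dev/sda not found" >&2; exit 1; }` before the first `parted` call. The `mknod` calls also leave the node permissions to the caller's umask; stating them explicitly (`mknod -m 666 /media/dev/null c 1 3`, `-m 600` for console) keeps the target's /dev predictable.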